Customer and marketing privacy policy
Last updated 24.5.2018
At Hanken & SSE Executive Education, we care about your safety and respect your privacy. We comply with all relevant regulations and we want to be open and transparent with what information we collect and how we use it. We recognise the need to protect the information we collect or that you provide to us.
1 Controller
Hanken & SSE Executive Education Ab
P. O. Box 479
00101 HELSINKI
FINLAND
(hereafter ”we” or ”Hanken & SSE”)
2 Contact point for register matters
team@hankensse.fi
+358 40 352 1515
P. O. Box 479
00101 HELSINKI
FINLAND
3 Name of register
CUSTOMER AND MARKETING REGISTER
4 What is the legal basis for and purpose of the processing of personal data?
The basis for processing personal data is the legitimate interest of
the company based on direct marketing and service provision as well as
the performance of a contract.
The purpose of the processing of personal data is:
- delivery, management and development of our executive education programs and other consulting services,
- management of customer relations,
- organising events and alumni activities,
- feedback, surveys and other information collection and processing,
- donation collection and management,
- collection of statistics,
- analysing and profiling of customers,
- electronic and other direct marketing,
- targeting marketing within the networks of the company and other parties.
5 What data do we process?
We process the following personal data of the customer or other data subject in connection with the customer register:
- basic information of the data subject such as name*, mother tongue;
- contact information of the data subject such as email address, phone number, address;
- information regarding the customer company and its contact persons, such as business names and contact information of the contact persons;
- event participation details and possible information regarding event participation such as allergy and diet data (which is collected based on the consent of the participant);
- information regarding the customership, such as information of past orders;
- possible direct marketing prohibitions and consents;
- Information related to the behavior of the data subject in the services and website, which is used for profiling purposes such us the sites and services visited, the duration of visits/use, actions taken on the sites and in services;
- Technical information about the data subject’s end devices such as IP address, MAC address and operating system;
- other possible information collected based on the consent of the data subject.
6 From where do we receive information?
We receive data primarily from the data subject him-/herself, for
example by filling in form on our website. In addition, we receive data
from publicly available sources such as company websites, internet,
news and professional networking services.
For the purposes described in this privacy notice, personal data may
also be updated from publicly available sources and based on information
received from authorities or other third parties within the limits of
the applicable laws and regulations. Data updating of this kind is
performed manually or by automated means.
7 To whom do we disclose data and do we transfer data outside of EU or EEA?
We may disclose information to the following parties: Hanken School of Economics and Stockholm School of Economics.
We use subcontractors that process personal data on behalf of and for
us (data transfer). We have outsourced the IT management and other
information systems to external service providers, on whose servers the
data is stored. The server is protected and managed by the external
service provider. We also transfer data to our program speakers,
accommodation providers and other event partners.
We have ensured your privacy with our subcontractors by entering into
the necessary data processing agreements. We cannot name all
subcontractors and have thus listed the types of subcontractors.
We may transfer personal data outside of EU/EEA, including to the
United States of America. We have taken care of suitable safeguards for
the transfer, and use the EU Commission standard contractual clauses or
another transfer mechanism approved by the privacy legislation.
8 How do we protect the data and how long do we store it?
Only those of our employees, who on behalf of their work are entitled
to process customer data, are entitled to use a system containing
personal data. Each user has a personal username and password to the
system. The information is collected into databases that are protected
by firewalls, passwords and other technical measures. The databases and
the backup copies of them are in locked premises and can be accessed
only by certain pre-designated persons.
We store the personal data for as long as is necessary considering
the purpose of the processing. For customer data, this retention period
is until the claim and reclamation period related to our services has
elapsed. This period is by default five (5) years from collection.
Personal data used for marketing purposes is deleted or updated when it
is discovered to be outdated or the data subject is deemed unresponsive
to the marketing.
We regularly assess the need for data retention in light of the
applicable legislation. In addition, we take reasonable measures to
ensure that the personal data in the register is not incompatible,
obsolete or inaccurate considering the purpose of the processing. We
rectify or delete such information without delay.
9 How do we use cookies for processing your data?
A cookie is a small text file that is placed on your device by a web
server, this helps us to improve our website and to deliver a better and
more personalised online experience to you. You have the ability to
accept or decline cookies. By choosing to decline cookies you may not be
able to have the full experience of the interactive features of our
website. The cookies we use keep track of pages you visit and other
website activity, in order to determine what portion of the website is
most popular or most used. This data is used to deliver customised
content and promotions within the website to visitors whose behavior
indicates that they are interested in a particular subject area.
If you do not accept the use of these cookies you can change your
browser settings so that cookies from this website can be deleted and
cannot be placed on your computer or mobile device. More information
about declining and controlling cookies may be found at
www.youronlinechoices.eu.
10 What are your rights as a data subject?
As a data subject you have a right to inspect the personal data
concerning yourself, which is stored in the register, and a right to
require rectification or erasure of the data, provided that the request
has a legal basis. You also have a right to withdraw or change your
consent.
As a data subject, you have a right, according to EU’s General Data
Protection Regulation to object to processing or request restricting the
processing and lodge a complaint with a supervisory authority
responsible for processing personal data.
For specific personal reasons, you also have the right to object to
profiling and other processing operations, when the processing of your
data is based on our customer relationship with you. In connection with
your request, you will need to identify the specific situation, based on
which you object to the processing. We can refuse the request of
objection only on legal grounds.
As a data subject you have the right to object to the processing of
your personal data for direct marketing, including profiling for such
purposes.
11 Who can you be in contact with?
All contacts and requests concerning this privacy notice must be
submitted in writing or in person to the email address mentioned in
section two (2).
12 Changes in the Privacy Notice
Should we make amendments to this privacy notice we will place the
amended statement on our website, with an indication of the amendment
date. If the amendments are significant, we may also inform you about
this by other means, for example by sending an email or placing a
bulletin on our homepage. We recommend that you regularly visit out
webpage and notice possible amendments to this privacy notice. review
these privacy protection principles from time to time to ensure you are
aware of any amendments made.
Faculty privacy policy
Last updated 24.5.2018
At Hanken & SSE Executive Education, we care about your safety and respect your privacy. We comply with all relevant regulations and we want to be open and transparent with what information we collect and how we use it. We recognise the need to protect the information we collect or that you provide to us.
1 Controller
Hanken & SSE Executive Education Ab
P. O. Box 479
00101 HELSINKI
FINLAND
(hereafter ”we” or ”Hanken & SSE”)
2 Contact point for register matters
team@hankensse.fi
+358 40 352 1515
P. O. Box 479
00101 HELSINKI
FINLAND
3 Name of register
FACULTY REGISTER
4 What is the legal basis for and purpose of the processing of personal data?
The basis for processing personal data is legal requirement, the
performance of a contract and the legitimate interest of the company
based on faculty member relationship.
The purpose of the processing of personal data is:
- delivery, management and development of our executive education programs and other services,
- proposal creation and program sales as well as other marketing purposes,
- career and development counselling,
- feedback collection and processing,
- organizing events and alumni activities,
- management of supplier and faculty relations,
- fulfilment of contractual obligations and other undertakings of Hanken & SSE,
- disclosures to tax and other authorities.
5 What data do we process?
We process the following personal data of the supplier or faculty
member or other data subject in connection with the supplier and faculty
register:
- basic information of the faculty member such as name*, date of birth, username and/or other identifier, password, gender, mother tongue*;
- contact information of the faculty member such as email address, phone number, home address;
- payment information of the faculty member such as bank account number and tax card information;
- information of company and company’s contact persons (if the faculty member works via a company)such
as Business ID, address, names and contact details of the contact
persons, bank account and invoicing information of the company;
- information regarding the qualifications and profession of the faculty member such
as education*, degrees, institution or employer*, certificates or other
special training, prior Hanken & SSE program participation, field
of specialty, photograph;
- event participation details and possible information regarding the event, such as accommodation and travel data, allergy and diet data (which is collected based on the content of the faculty member);
- material prepared and produced by the faculty member in connection with the program such as presentations, materials, handouts, feedback,
- possible direct marketing prohibitions and consents;
- other possible information collected based on the consent of the data subject.
Providing the information marked with an asterisk is a prerequisite
for our contractual relationship and/or supplier relationship. We cannot
enter into the relationship without the necessary information.
6 From where do we receive information?
We receive data primarily from the data subject him-/herself.
For the purposes described in this privacy notice, personal data may
also be collected and updated from publicly available sources and based
on information received from authorities or other third parties within
the limits of the applicable laws and regulations. Data updating of this
kind is performed manually or by automated means.
7 To whom do we disclose data and do we transfer data outside of EU or EEA?
We disclose information to the following parties: Hanken and
Stockholm School of Economics. We also disclose information to
prospective and existing customers, tax and other authorities, insurance
companies and Tekes.
We use subcontractors that process personal data on behalf of and for
us (data transfer). We have outsourced the IT management, bookkeeping
and education information systems to external service providers, on
whose servers the data is stored. The server is protected and managed by
the external service provider. We also transfer data to our program
speakers, accommodation providers and other event partners.
We have ensured your privacy with our subcontractors by entering into
the necessary data processing agreements. We cannot name all
subcontractors and have thus listed the types of subcontractors.
We transfer personal data outside of EU/EEA, including to the United
States of America. We have taken care of suitable safeguards for the
transfer, and use the EU Commission standard contractual clauses or
another transfer mechanism approved by the privacy legislation.
8 How do we protect the data and how long do we store them?
Only those of our employees, who on behalf of their work are entitled
to process faculty data, are entitled to use a system containing
personal data. Each user has a personal username and password to the
system. The information is collected into databases that are protected
by firewalls, passwords and other technical measures. The databases and
the backup copies of them are in locked premises and can be accessed
only by certain pre-designated persons.
We store the personal data for as long as is necessary considering
the purpose of the processing. For the faculty’s personal data, this
retention period is based on legal requirements (e.g. taxation) or a
claim or reclamation period. By default the data is kept for ten (10)
years after the program or event in which the faculty member
participated has ended.
We regularly assess the need for data retention in light of the
applicable legislation. In addition, we take reasonable measures to
ensure that the personal data in the register is not incompatible,
obsolete or inaccurate considering the purpose of the processing. We
rectify or delete such information without delay.
9 What are your rights as a data subject?
As a data subject you have a right to inspect the personal data
concerning yourself, which is stored in the register, and a right to
require rectification or erasure of the data, provided that the request
has a legal basis. You also have a right to withdraw or change your
consent.
As a data subject, you have a right, according to EU’s General Data
Protection Regulation (applied from 25.5.2018) to object to processing
or request restricting the processing and lodge a complaint with a
supervisory authority responsible for processing personal data.
For specific personal reasons, you also have the right to object to
profiling and other processing operations, when the processing of your
data is based on our legitimate interest. In connection with your
request, you will need to identify the specific situation, based on
which you object to the processing. We can refuse the request of
objection only on legal grounds.
As a data subject you have the right to object to the processing of
your personal data for direct marketing, including profiling for such
purposes.
10 Who can you be in contact with?
All contacts and requests concerning this privacy notice must be
submitted in writing or in person to the email address mentioned in
section two (2).
11 Changes in the Privacy Notice
Should we make amendments to this privacy notice we will place the
amended statement on our website, with an indication of the amendment
date. If the amendments are significant, we may also inform you about
this by other means, for example by sending an email or placing a
bulletin on our homepage. We recommend that you regularly visit out
webpage and notice possible amendments to this privacy notice. review
these privacy protection principles from time to time to ensure you are
aware of any amendments made.
Participant privacy policy
Last updated 24.5.2018
At Hanken & SSE Executive Education, we care about your safety and
respect your privacy. We comply with all relevant regulations and we
want to be open and transparent with what information we collect and how
we use it. We recognise the need to protect the information we collect
or that you provide to us.
1 Controller
Hanken & SSE Executive Education Ab
P. O. Box 479
00101 HELSINKI
FINLAND
(hereafter ”we” or ”Hanken & SSE”)
2 Contact point for register matters
team@hankensse.fi
+358 40 352 1515
P. O. Box 479
00101 HELSINKI
FINLAND
3 Name of register
PARTICIPANT REGISTER
4 What is the legal basis for and purpose of the processing of personal data?
The basis for processing personal data is the performance of a contract and the legitimate interest of the company based on customer relationship and service provision.
The purpose of the processing of personal data is:
- delivery, management and development of our executive education programs and other consulting services,
- career and development counselling,
- analyzing and profiling of participants,
- feedback, surveys and other information collection and processing,
- requests for referrals and future speaking opportunities,
- organizing events and alumni activities,
- collection of statistics,
- management of customer relations,
- fulfilment of contractual obligations and other undertakings of Hanken & SSE,
- electronic and other direct marketing.
5 What data do we process?
We process the following personal data of the participant or other data subject in connection with the participant register:
- basic information of the data subject such as name*, date of birth, citizenship, country of residence, gender, mother tongue, photograph;
- contact information of the data subject such as email address*, phone number, home address;
- information regarding the customer company and its contact persons, such as business ID and names and contact information of the contact persons;
- program participation application information such as current employer, job title, duties of work, international experience, degrees or other professional studies, language skills, possible referrers, extra-curricular activities, goals and aims for the program as well as reasons for applying, information about where heard
of the program; - information regarding the executive education programs the person has taken part in such as program name, program’s date and duration, content of the program, assignments, project work, thesis, videos and other other materials produced in the program, certificates and diplomas awarded, MBA scores;
- event participation details and possible information regarding the event, such as allergy and diet data (which is collected based on the consent of the participant);
- information regarding the customership and contract, such as information of past and existing contracts and orders, other transaction information;
- possible direct marketing prohibitions and consents;
- other possible information collected based on the consent of the data subject.
Providing the information marked with an asterisk is a prerequisite for our contractual relationship and/or customer relationship. We cannot deliver the product and/or service without the necessary information.
6 From where do we receive information?
We receive data primarily from the data subject him-/herself and/or his/her employer.
For the purposes described in this privacy notice, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Data updating of this kind is performed manually or by automated means.
7 To whom do we disclose data and do we transfer data outside of EU or EEA?
We disclose information to the following parties: Hanken and Stockholm School of Economics, statistical and other authorities as required.
We use subcontractors that process personal data on behalf of and for us (data transfer). We have outsourced the IT management and other education information systems to external service providers, on whose servers the data is stored. The server is protected and managed by the external service provider. We also transfer data to our program speakers, accommodation providers and other event partners.
We have ensured your privacy with our subcontractors by entering into the necessary data processing agreements. We cannot name all subcontractors and have thus listed the types of subcontractors.
We may transfer personal data outside of EU/EEA, including to the United States of America. We have taken care of suitable safeguards for the transfer, and use the EU Commission standard contractual clauses or another transfer mechanism approved by the privacy legislation.
8 How do we protect the data and how long do we store them?
Only those of our employees, who on behalf of their work are entitled to process participant data, are entitled to use systems containing personal data. Each user has a personal username and password to the system. The information is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons.
We store the personal data for as long as is necessary considering the purpose of the processing. For personal data used for participant purposes, this retention period is until the claim and reclamation period related to our services has elapsed, or as long as we need to provide the customer with program participation information or
certificates or authorities with program participation statistics. This period is by default five (5) years from the end of the program. Personal data used for marketing purposes is deleted or updated when it is discovered to be outdated or the data subject is deemed unresponsive to the marketing.
We regularly assess the need for data retention in light of the applicable legislation. In addition, we take reasonable measures to ensure that the personal data in the register is not incompatible, obsolete or inaccurate considering the purpose of the processing. We rectify or delete such information without delay.
9 What are your rights as a data subject?
As a data subject you have a right to inspect the personal data concerning yourself, which is stored in the register, and a right to require rectification or erasure of the data, provided that the request has a legal basis. You also have a right to withdraw or change your consent.
As a data subject, you have a right, according to EU’s General Data Protection Regulation (applied from 25.5.2018) to object to processing or request restricting the processing and lodge a complaint with a supervisory authority responsible for processing personal data.
For specific personal reasons, you also have the right to object to profiling and other processing operations, when the processing of your data is based on our legitimate interest. In connection with your request, you will need to identify the specific situation, based on which you object to the processing. We can refuse the request of
objection only on legal grounds.
As a data subject you have the right to object to the processing of your personal data for direct marketing, including profiling for such purposes.
10 Who can you be in contact with?
All contacts and requests concerning this privacy notice must be submitted in writing or in person to the email address mentioned in section two (2).
11 Changes in the Privacy Notice
Should we make amendments to this privacy notice we will place the amended statement on our website or in another appropriate channel, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you regularly visit out webpage and review this privacy notice to ensure you are aware of any amendments made.
Supplier privacy policy
Last updated 24.5.2018
At Hanken & SSE Executive Education, we care about your safety and
respect your privacy. We comply with all relevant regulations and we
want to be open and transparent with what information we collect and how
we use it. We recognise the need to protect the information we collect
or that you provide to us.
1 Controller
Hanken & SSE Executive Education Ab
P. O. Box 479
00101 HELSINKI
FINLAND
(hereafter ”we” or ”Hanken & SSE”)
2 Contact point for register matters
team@hankensse.fi
+358 40 352 1515
P. O. Box 479
00101 HELSINKI
FINLAND
3 Name of register
SUPPLIER REGISTER
4 What is the legal basis for and purpose of the processing of personal data?
The basis for processing personal data is legal requirement, the
performance of a contract and the legitimate interest of the company
based on supplier and subcontractor relationship.
The purpose of the processing of personal data is:
- management of ICT, HR and healthcare, financial and other company support services and systems,
- management of sales and sales support services and systems,
- management of program support systems such as participant
registration systems, learning management systems, feedback processes
and systems,
- fulfilment of contractual obligations and other undertakings of Hanken SSE,
- disclosures to tax and other authorities,
- management of supplier relations.
5 What data do we process?
We process the following personal data of the supplier or faculty
member or other data subject in connection with the supplier and faculty
register:
- information regarding the supplier company and its contact persons, such as business ID* and names and contact information of the contact persons*;
- information regarding the suppliership and contract, such as information of past and excisting contracts and orders, other transaction information.
Providing the information marked with an asterisk is a prerequisite
for our contractual relationship and/or supplier relationship. We cannot
enter into the relationship without the necessary information.
6 From where do we receive information?
We receive data primarily from the data subject him-/herself and/or his/her employer (supplier).
For the purposes described in this privacy notice, personal data may
also be collected and updated from publicly available sources and based
on information received from authorities or other third parties within
the limits of the applicable laws and regulations. Data updating of this
kind is performed manually or by automated means.
7 To whom do we disclose data and do we transfer data outside of EU or EEA?
We disclose information to the following parties: Hanken and
Stockholm School of Economics. We also disclose information to existing
customers, tax and other authorities and Tekes.
We use subcontractors that process personal data on behalf of and for
us (data transfer). We have outsourced the IT-management to an external
service provider, to whose server the data is stored. The server is
protected and managed by the external service provider.
We transfer personal data outside of EU/EEA, including to the United
States of America. We have taken care of suitable safeguards for the
transfer, and use the EU Commission standard contractual clauses or
another transfer mechanism approved by the privacy legislation.
8 How do we protect the data and how long do we store them?
Only those of our employees, who on behalf of their work are entitled
to process customer data, are entitled to use a system containing
personal data. Each user has a personal username and password to the
system. The information is collected into databases that are protected
by firewalls, passwords and other technical measures. The databases and
the backup copies of them are in locked premises and can be accessed
only by certain pre-designated persons.
We store the personal data for as long as is necessary considering
the purpose of the processing. For suppliers’ personal data, this
retention period is until the claim and reclamation period related to
the supplier’s products or services has elapsed.
We regularly assess the need for data retention in light of the
applicable legislation. In addition, we take reasonable measures to
ensure that the personal data in the register is not incompatible,
obsolete or inaccurate considering the purpose of the processing. We
rectify or delete such information without delay.
9 What are your rights as a data subject?
As a data subject you have a right to inspect the personal data
concerning yourself, which is stored in the register, and a right to
require rectification or erasure of the data, provided that the request
has a legal basis. You also have a right to withdraw or change your
consent.
As a data subject, you have a right, according to EU’s General Data
Protection Regulation (applied from 25.5.2018) to object to processing
or request restricting the processing and lodge a complaint with a
supervisory authority responsible for processing personal data.
For specific personal reasons, you also have the right to object to
profiling and other processing operations, when the processing of your
data is based on our customer relationship with you. In connection with
your request, you will need to identify the specific situation, based on
which you object to the processing. We can refuse the request of
objection only on legal grounds.
10 Who can you be in contact with?
All contacts and requests concerning this privacy notice must be
submitted in writing or in person to the address mentioned in section
two (2).
11 Changes in the Privacy Notice
Should we make amendments to this privacy notice we will place the
amended statement on our website, with an indication of the amendment
date. If the amendments are significant, we may also inform you about
this by other means, for example by sending an email or placing a
bulletin on our homepage. We recommend that you regularly visit out
webpage and notice possible amendments to this privacy notice. review
these privacy protection principles from time to time to ensure you are
aware of any amendments made.
Job applicant privacy policy
Last updated 24.5.2018
At Hanken & SSE Executive Education, we care about your safety and
respect your privacy. We comply with all relevant regulations and we
want to be open and transparent with what information we collect and how
we use it. We recognise the need to protect the information we collect
or that you provide to us.
1 Controller
Hanken & SSE Executive Education Ab
P. O. Box 479
00101 HELSINKI
FINLAND
(hereafter ”we” or ”Hanken & SSE”)
2 Contact point for register matters
team@hankensse.fi
+358 40 352 1515
P. O. Box 479
00101 HELSINKI
FINLAND
3 Name of register
JOB APPLICANT REGISTER
4 What is the legal basis for and purpose of the processing of personal data?
The basis for processing personal data is:
- Specific rights and obligations (legal requirements) of the controller or of the data subject in the field of employment law;
- preparation of an employment contract;
- the data subject has given explicit consent to the processing of his or her personal data.
The purpose of the processing of personal data is e.g. to support
actions related to the recruitment process and management of the
recruitment process and enable contacts regarding applications and
selection processes from persons (data subjects) who have applied for
the positions.
None of the personal data we process under this register is subject
to automatic decision-making or profiling that would have legal effects
or impacts for the job applicant.
5 What data do we process?
We process the following personal data of the job applicants in connection with the job applicant register:
- basic information of the data subject such as name*, date of birth, personal identity number and/or other identifier, gender, mother tongue;
- contact information of the data subject such as email address*, phone number*, home address;
- information regarding the position applied for such
as information of the position in question including information of the
nature and type of the employment relationship and information of the
contact persons designated for the application process, salary proposal,
information related to when the applicant could start working;
- other information that the data subject has provided of
himself, his background etc. in connection with the application process,
such as a photograph, study and other educational
information, profession, work history (such as employers, start dates
and durations of previous jobs, nature of the previous jobs), language
skills, other special skills, description of personal features,
different certificates and ratings, links to profiles and portfolios
found on internet;
- information regarding references and suitability assessments such as referrers and their statements, employment suitability test scores and results;
- information regarding the recruitment process of the data subject such as information of upcoming further interviews or of the interruption of the recruitment process;
- other possible information that the data subject himself has provided voluntarily in connection with the recruitment process or otherwise explicitly published in for professional purposes (e.g. on LinkedIn).
Providing the information marked with an asterisk (*) is a
requirement for us to be be able to move forward in the application
process.
6 From where do we receive information?
We receive data primarily from the the data subject him-/herself. We
use other sources of data within the limits of the applicable laws and
regulations. We also receive information from recruiting consultants,
referrers and suitability testers as necessary.
By submitting a job application, the job applicant consents to the
collection of data from his/her professional profiles to the extent such
collection is necessary taking into consideration the nature of the
vacancy.
7 To whom do we disclose data and do we transfer data outside of EU or EEA?
We disclose personal data in accordance with the applicable laws to a
party, who based on law, has a right to receive information from the
register. We may also disclose information for other purposes in
accordance with the Finnish legislation.
We engage subcontractors processing data on behalf of and for us. We
use subcontractors in the processing of job applicants’ personal data
for the following services: HR and Recruitment Services, Legal Services,
and IT Systems.
We have ensured your privacy with our subcontractors by entering into
the necessary data processing agreements. We cannot name all of our
subcontractors, and have thus listed the types of subcontractors.
We do not disclose the personal data in the register to third parties
beside the ones specified above without the explicit separate consent
of the data subject.
We may transfer personal data outside of EU/EEA, including to the
United States of America. We have taken care of suitable safeguards for
the transfer, and use the EU Commission standard contractual clauses or
another transfer mechanism approved by the privacy legislation.
8 How do we protect the data and how long do we store it?
Only those of our employees, who due to their working duties are
entitled to process job applicant data, have the right to use systems
containing personal data. Each user has a personal username and password
to the systems. The information is collected into databases that are
protected by firewalls, passwords and other technical measures. The
databases and backup copies of them are stored in locked premises and
can be accessed only by certain pre-designated persons. We also store
paper copies of personal data in locked premises and the data may only
be accessed by persons who are entitled to them due to their working
duties.
We store the personal data for as long as is necessary for the
purpose of the processing. By default the data can be used for filling
vacancies during the six (6) months following their collection. The data
is destroyed in three (3) years from its collection. In case the job
applicant becomes an employee of the company, his/her personal data
given for the application are stored as part of the employee register
according to its privacy notice.
We assess the necessity of storing the data on a regular basis taking
into account the applicable laws and regulations. In addition, we take
all reasonable actions to ensure that no incompatible, outdated or
inaccurate personal data are stored in the register taking into account
the purpose of the processing. We correct or erase such data without
delay.
9 What are your rights as a data subject?
As a data subject you have a right to inspect the personal data
concerning yourself, which is stored in the register, and a right to
require rectification or erasure of the data, provided that the request
has a legal basis. You also have a right to withdraw or change your
consent.
As a data subject, you have a right, according to EU’s General Data
Protection Regulation (applied from 25.5.2018) to object to processing
or request restricting the processing and lodge a complaint with a
supervisory authority responsible for processing personal data.
For specific personal reasons, you also have the right to object to
profiling and other processing operations, when the processing of your
data is based on our legitimate interest. In connection with your
request, you will need to identify the specific situation, based on
which you object to the processing. We can refuse the request of
objection only on legal grounds.
10 Who can you be in contact with?
All contacts and requests concerning this privacy notice must be
submitted in writing or in person to the email address mentioned in
section two (2).
11 Changes in the Privacy Notice
Should we make amendments to this privacy notice we will place the
amended statement on our website or in another appropriate channel, with
an indication of the amendment date. If the amendments are significant,
we may also inform you about this by other means, for example by
sending an email or placing a bulletin on our homepage. We recommend
that you regularly visit out webpage and review this privacy notice to
ensure you are aware of any amendments made.